https://sourceware.org/bugzilla/show_bug.cgi?id=32030
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |siddhesh at sourceware dot org

--- Comment #1 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
(In reply to Nicolaas Weideman from comment #0)
> # Description
> ## The Vulnerability
> BFD implements a hash table in `binutils-gdb/bfd/hash.c`, with a hash function
> named `bfd_hash_hash` (code: [1]) and implementing separate chaining as
> collision resolution (code: [2]). The hash function `bfd_hash_hash` is weak,
> since it does not protect against reliable collision generation. Therefore,
> an attacker can arbitrarily degrade the performance, by forcing the hash table
> to execute in worst-case computational complexity `O(N**2)` by inserting
> colliding entries. This is an algorithmic complexity vulnerability (CWE-407).

This is indeed a performance issue, but why is it being called a vulnerability?
Command-line tools taking too long to execute hardly qualifies as a DoS. Are
services potentially exposing bfd to untrusted code a concern? The service
already should have reasonable timeouts to prevent DoS in such cases because
hash collision surely isn't the only way to slow down binutils or gdb.
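
The worst-case behaviour described in the quoted report, as an added example that is not part of this thread or of binutils: a chained hash table counts string comparisons for the same constructed keys under a toy byte-sum hash (a stand-in, not `bfd_hash_hash`) and under FNV-1a. All function names, the bucket count and the keys are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 1024u
struct entry { char key[5]; struct entry *next; };

/* Toy weak hash (NOT bfd_hash_hash): byte sum, so reordered bytes collide. */
static uint32_t weak_hash(const char *s) {
    uint32_t h = 0;
    while (*s) h += (unsigned char)*s++;
    return h;
}

/* FNV-1a: unkeyed, so a distribution baseline here, not a hardening measure. */
static uint32_t fnv1a_hash(const char *s) {
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Constructed sample key i (i < 2500): four bytes that always sum to 292. */
static void make_key(unsigned i, char out[5]) {
    unsigned a = i % 50, b = i / 50;
    out[0] = (char)('0' + a); out[1] = (char)('b' - a);
    out[2] = (char)('0' + b); out[3] = (char)('b' - b);
    out[4] = '\0';
}

/* Insert n distinct keys with lookup-before-insert; return total strcmp calls. */
unsigned long chain_comparisons(uint32_t (*hash)(const char *), unsigned n) {
    struct entry **table = calloc(NBUCKETS, sizeof *table);
    struct entry *pool = calloc(n, sizeof *pool), *p;
    unsigned long cmps = 0;
    if (!table || !pool) { free(table); free(pool); return 0; }
    for (unsigned i = 0; i < n; i++) {
        make_key(i, pool[i].key);
        uint32_t slot = hash(pool[i].key) % NBUCKETS;
        for (p = table[slot]; p; p = p->next)   /* walk the whole chain */
            if (cmps++, strcmp(p->key, pool[i].key) == 0) break;
        if (!p) { pool[i].next = table[slot]; table[slot] = &pool[i]; }
    }
    free(pool); free(table);
    return cmps;
}

int main(void) {
    return printf("weak: %lu  fnv1a: %lu\n", chain_comparisons(weak_hash, 2000),
                  chain_comparisons(fnv1a_hash, 2000)) < 0;
}
```

With the byte-sum hash every key lands in one bucket, so N inserts cost N(N-1)/2 comparisons; doubling N roughly quadruples the work, which is the growth a per-job timeout or CPU limit has to absorb.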